Trend Micro has come across some interesting spam emails leveraging the topic. The malicious warnings carry the subject line “Heartbleed Bug Warning” and they read something like this:
The emails are signed by an individual called “Dexter” who appears to live in Riyadh, Saudi Arabia. The footer of the email contains an “unsubscribe” link, but that doesn’t make it any less dangerous.
As expected, the “Report from CNN” link contained in the notification doesn’t point to a report from CNN, but to a suspicious website.
Trend Micro hasn’t been able to precisely determine what’s on this site because it has been taken down. However, it’s safeto assume that it was something malicious.
The numerous alerts and advisories have made people aware of the seriousness of the issue. That’s why there might be enough internauts who would click on links from such emails without giving it too much thought.
As a general rule, users who want to avoid falling victim to phishing scams or having their computers infected with malware should never trust any unsolicited emails, no matter how interesting or urgent they sound.